Improper Authentication Vulnerability in Rockwell Automation's 1794-AENTR Adapter
CVE-2026-0647

8.8HIGH

Key Information:

Vendor: Rockwell Automation
Status: Flex I/o Ethernet/ip Adapters
Vendor: CVE Published:; 16 June 2026

🔔 Create Rockwell Automation Vulnerability Alert

What is CVE-2026-0647?

An improper authentication security issue has been identified in Rockwell Automation's 1794-AENTR adapter, specifically within its embedded web server. This vulnerability allows attackers to exploit the system by sending specially crafted HTTP GET requests to a designated endpoint, enabling unauthorized modification of the device's web interface password without any authentication requirements. If successfully exploited, this could result in unauthorized access to the device, potential account takeover, and compromise of the availability of the embedded web server.

Affected Version(s)

FLEX I/O EtherNet/IP Adapters 2.012

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
Jan 6, 2026

CVE-2026-0647 Data

JSON